How to replace OpenSSH with Dropbear on Raspberry Pi OS Buster

OpenSSH is the default SSH server/client on Raspberry Pi OS (formerly known as Raspbian), but on systems where RAM is at a premium – the Raspberry Pi 3 Model A+ or Raspberry Pi Zero W, for example – saving memory can be important. One simple way to do this is by replacing OpenSSH with a similar but more lightweight SSH program called Dropbear. Here’s how:

First, install Dropbear:

sudo apt-get install dropbear

Answer yes at the prompt by pressing enter. Next, edit the Dropbear configuration file with:

sudo nano /etc/default/dropbear

and change the line

NO_START=1

to

NO_START=0

save the file with ctrl-o > enter > ctrl-x.

Now stop OpenSSH (if you have accessed your Pi with SSH, you won’t lose your connection):

sudo systemctl stop sshd.service

Now enable and start Dropbear with:

sudo systemctl enable dropbear.service

followed by:

sudo systemctl start dropbear.service

At this point it is safe to disable OpenSSH with

sudo systemctl disable sshd.service

Optionally, reboot your Raspberry Pi:

sudo reboot

Next time you SSH to your Pi you will probably see a message that says:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This is because, when it was installed, Dropbear generated new SSH keys. Edit your known_hosts file to delete the line containing the IP address of your Pi and SSH to your Pi again.

Leave a Reply

Your email address will not be published. Required fields are marked *